From: dimke.fax@uni.de   
      
   Hi everybody,   
      
   sure, you've already heard from one of the most severe bugs in linux   
   bash these days.   
      
   On my redhat machines it was no big challenge to fix the bug, because   
   redhat created a patched version and put it into their repositories.   
      
   Unfortunately, this is not possible with mandriva, of course.   
      
   So, on a box with mandriva 2009.1 / kernel 2.6.39.4, I got the shell   
   sources and all patches from gnu.org, applied the patches successively   
   and configured and made the executable.   
      
   It can be invoked and does what it should, but unfortunately, before and   
   after applying the patches and compiling, I always get as a   
   result "vulnerable", when running the well-known test   
      
   env x='() { :;}; echo vulnerable' bash -c 'echo hello'   
      
   I tested this with different versions from 3.2 .. 4.3. but it's always   
   the same.   
      
   What's puzzling me even more, is, that I ran the above test on a redhat   
   box, and after patching there appears no "vulnerable" any more, what   
   means, the patch is valid. But, when downloading exactly this bash   
   (2.05b) to my mandriva box, it runs, but there it shows "vulnerable"?!   
      
   Does anyone have an idea what could cause this misbehaviour?   
   A shell is one big monolithic executable, which does not install dozens   
   of libraries out of its rpm, isn't it?   
      
   Thanks for any hint.   
      
   Best regards,   
      
   Markus   
      
   --   
   Please reply to group only.   
   For private email please use http://www.dipl-ing-kessler.de/email.htm   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)